Please use FireFox to view this page

This website has been designed for use with the FireFox browser. Please use FireFox to view this page.

Securing a network: Network, Firewalls & Routers

This chapter will teach you how to create networks from
scratch, as well as maintaining and expanding existing networks. Included in
the chapter are details on the use and configuration of modern network appliances
such as Firewalls, proxies and routers.

An instant reference for troubleshooting network problems,
and a guide to best practice techniques to ensure your network is free from
malicious attacks from the Internet is virtually indispensable in company and
small office networks. But from a developer’s perspective, it is doubly
important to know how network appliances work, so that code developed for the
open market will not be caught out in the cold once it is placed behind a proxy
or NAT.

To give an example, if your application needs to be
contactable from a central server, how can you guarantee that the client
application can make an outgoing connection to the server, and that the server
can make a returning connection back to the client, or vice-versa. How can the
server keep track of the client’s IP address if the ISP can change it
arbitrarily?

This chapter answers all these questions, and gives you the
theoretical grounding that is required for the later content.

This chapter deals with encrypting and decrypting of data,
as well as the ways in which weak encryption can be avoided. When you look at
security and Cryptography from the eyes of someone that is trying to crack your
system, you will be all the more aware of where potential failings may lie. In
this section, security is viewed from a cryptanalysts perspective, with a view
to exploiting weaknesses in Symmetric and asymmetric encryptive algorithms.

You might be interested in reading the article on implementing RSA
from first principles on this site. It must be stressed that it is easier,
and more secure to use the native RSA implementation, as described in this
chapter

This chapter deals with the techniques available to
authenticate clients to servers, and vice-versa. Measures such as these can be
uses to help prevent non-repudiation claims and other tricky situations.

The most common form of authentication on the Internet is
HTTPS (secure http), which is a mixture of the SSL protocol, HTTP, using X509
digital certificates to provide the authentication. As part of the HTTPS
protocol, and a method commonly used in securing database passwords etc., is
hashing. This technique is explained in detail in this chapter.

The coverage of authentication schemes is not limited to HTTPS.
In fact it ranges from the cutting edge .NET passport framework, to legacy
systems used primarily in financial networks such as X.25, ISO 8730, SWIFT,
ETEBAC and BACS (now BACSTEL/IP)

“Providing software that lets people do their jobs is usability; providing software that lets
10,000 people do their jobs is scalability.”

Internet traffic is highly volatile, in
a matter of days; the number of people accessing an online service can increase
one hundred fold, with no warning whatsoever. Where this may be a godsend for
advertising, it can be a nightmare for application design. The chapter starts
with a case study of arguably the most scalable website on the planet, Google.

This chapter details the various techniques than can be employed to help
applications cope when placed under massive load. Techniques described include
hardware load balancers, custom software load distributors, round robin
systems, and so forth.

After reading this chapter you will be able to predict exactly how your
application will perform under any given load condition.

There has
been a lot of hype about web services and remoting, and hundreds of books have
been written on the subject. This book, covers the basics of using both web
services and remoting, but more importantly, it covers the more advanced issues
such as deployment, hosting (stand-alone, IIS, or Win32 service), Calling
(asynchronous, synchronous and one-way)… and so on.

Going beyond the basics, it discusses remoting channels
& Sinks (IMessageSink interface), object lifetime (ILease interface),
Versioning, Events, and so forth. The webservice example in this chaper
demonstrates how to create an XML web service (ASMX file) which can retrieve
the IP address of a client computer from the underlying HTTP serverVariables.
It also describes both Asyncronous and synchronous invokation of a web service.